tag:blogger.com,1999:blog-19313907151806091632024-03-17T02:51:55.600-04:00Snurpscool things I've run across.Nick Shttp://www.blogger.com/profile/14422991609469620155noreply@blogger.comBlogger138125tag:blogger.com,1999:blog-1931390715180609163.post-86231195364759579972014-01-12T14:14:00.000-05:002014-01-12T14:14:00.152-05:00tl;dr of my last post<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiNfJ83naBbAm8HTAGEkfPB0r1hj7ZBdme2WCa1illTVFDpgMvh-oL26lU_-2Ey8KRfktoI5u8V3e6zjW0qZYEF2CqV6wcht6ceAPPAfG75qcrhuLihFwDRIu_lnL9KXHhm9DS7QH63jg/s1600/Google+Plus+-+I+will+MAKE+them+love+you+(ywnPPK7).png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiNfJ83naBbAm8HTAGEkfPB0r1hj7ZBdme2WCa1illTVFDpgMvh-oL26lU_-2Ey8KRfktoI5u8V3e6zjW0qZYEF2CqV6wcht6ceAPPAfG75qcrhuLihFwDRIu_lnL9KXHhm9DS7QH63jg/s1600/Google+Plus+-+I+will+MAKE+them+love+you+(ywnPPK7).png" /></a></div>
<br />Nick Shttp://www.blogger.com/profile/14422991609469620155noreply@blogger.com0tag:blogger.com,1999:blog-1931390715180609163.post-5404056118798575672013-12-03T21:49:00.000-05:002013-12-03T21:49:40.913-05:00Boycott Google Plus.<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjjq-3zKbtM7kU0Awqj_GYcJHuS0DOAIbeLnteSQsxjLSs3vhw3MBqbhQOCad5ZZUvMe7B3fKAafcA4x5D3DWbHwRB7Wzdt_TNkbu2UHYc4CQ_VBYburMxBGwnOiM3kRASFBX1eMxJbg/s1600/Google+Plus+-+Say+No+to+Google+Plus.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="163" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjjq-3zKbtM7kU0Awqj_GYcJHuS0DOAIbeLnteSQsxjLSs3vhw3MBqbhQOCad5ZZUvMe7B3fKAafcA4x5D3DWbHwRB7Wzdt_TNkbu2UHYc4CQ_VBYburMxBGwnOiM3kRASFBX1eMxJbg/s1600/Google+Plus+-+Say+No+to+Google+Plus.png" width="320" /></a></div>
<div style="text-align: center;">
<span style="font-size: x-small;">(via <a href="https://plus.google.com/115462390352936280200/posts/C6FNTqMatgQ">Google Plus</a>, ironically)</span></div>
<br />
Alright, time to walk back from the inflammatory title. But only kind of.<br />
<br />
Here's the deal. I think 2012 made it apparent that Google Plus is not just a once-good idea that failed to gain traction, but a true nuisance. And 2013 is making it apparent that it's not just a nuisance, but a corroding influence that is destroying Google from within.<br />
<span style="font-size: large;"><br /></span>
<span style="font-size: large;">Let's look at the evidence.</span><br />
<br />
The poster child for victims of Google Plus is Google Reader, which was sacrificed to fuel Google's Sisyphean effort to force people into using its failed social network (<a href="http://snurps.blogspot.com/2013/03/google-reader-killed-in-its-prime.html"><i>not</i> because of declining use</a>).<br />
<br />
The second incident that comes to mind for me is Youtube, which recently fell victim to another Google Plus ploy. Ars Technica has a <a href="http://arstechnica.com/business/2013/11/youtube-tries-to-stem-the-flow-of-a-new-kind-of-terrible-comments/">pretty good explanation</a> of h<span style="font-size: small;">ow — and why — Goog</span>le managed to actually make Youtube's notorious comments worse. And it's a bigger deal than you might think, since many Youtube channels (usually the more thoughtful and worthwhile ones) relied on comments for their videos. They served as a communication channel to an actually useful and interesting community (<a href="https://www.youtube.com/channel/UC6107grRI4m0o2-emgoDnAA">SmarterEveryDay</a>), or as high quality fodder for the videos themselves (<a href="https://www.youtube.com/user/pbsideachannel">PBS Idea Channel</a>). Now, they're so worthless they're essentially gone.<br />
<br />
Another example that hasn't been talked about as much is Picasa. As Nick Mokey of Digital Trends points out in his own "<a href="http://www.digitaltrends.com/opinion/what-happened-to-you-google/">Downfall of Google</a>" post, Google Plus took over Picasa and ironically made it <i>harder</i> to share photos. And it's the Google Plus-ification of Picasa that <a href="http://snurps.blogspot.com/2013/09/google-plus-broke-my-blog.html">broke all the images on my blog</a> recently.<br />
<br />
<span style="font-size: large;">It's downhill from here.</span><br />
<br />
Combine these direct attacks on once-useful Google services with a general trend in Google's recent changes, and the picture is becoming clear: abandon ship. I've been noticing that all the recent redesigns of Google products tend to be worse than before, like the move from GChat to Hangouts. And it's actively taking back good things it did before: Ars presents <a href="http://arstechnica.com/gadgets/2013/10/googles-iron-grip-on-android-controlling-open-source-by-any-means-necessary/">a pretty definitive case</a> that Google is trying to lock down and close-source Android.<br />
<br />
This actually isn't a rally for some outraged boycott of Google Plus. It would be silly to get that indignant at something like this. But I am a bit exasperated that Google is taking a slew of excellent products and cannibalizing them in a desperate attempt to transform into something we never wanted: a locked-down social network. These products were good because they were designed with one top priority: make them useful for users. The more users, the more eyeballs for Google ads. But now it's apparent that their primary priority is to cash in on those useful products to railroad people into one they never wanted.<br />
<br />
So my thinking is, let's consider pushing back. The harder they push, the more good services they wreck to force us to Google Plus, the more we should say "I refuse to use it for that reason." I'm not sure I'll even be able to leave it, but I can certainly reduce my involvement.<br />
<br />
I'm also thinking of exit strategies from other Google products, just in the interest of self-preservation. The house isn't burning yet, but I smell smoke. Time to eye the exits.<br />
<br />
<span style="font-size: large;">Hiatus?</span><br />
<br />
Of course, the most immediately relevant product that I might leave is Blogspot. A look at the archives shows I haven't had much time to post recently. I've been getting pretty busy with other things going on in my life. Plus, I've been pondering other styles of blogs and other hosting solutions for a while. The incident with my images struck me as just another nice boot out the door. Apparently Google doesn't want me here, so I see no reason to stay.Nick Shttp://www.blogger.com/profile/14422991609469620155noreply@blogger.com0tag:blogger.com,1999:blog-1931390715180609163.post-72431443841607715252013-10-13T13:13:00.000-04:002013-12-03T20:50:26.464-05:00How many IP addresses does Google have?This will be a very technical post, but I wanted to note this somewhere (and even make it useful for others!). Still, even if you're no command line whiz-kid but you're curious in the answer I got, skip to the end!<br />
<br />
Let's start at the beginning. What is Google's IP address, you might have wondered at some point. Domain names are ways of referring you to an IP address, so google.com must lead you to one, right? Well yes, except it leads you to many. Each time you go to google.com, your computer looks up its IP address and it often gets a different answer each time. Google has so much traffic that it has many IP addresses for its servers, and gives you the address of the closest (or least busy) one whenever you ask. <br />
<br />
So how many does it have in total, and what are they? Well, you can try asking a bunch of times and writing them down. I actually wrote a wrote a script to do that, before I realized maybe I should, say, <i>Google</i> for an answer. (To be fair, I'd done that before but came up short.) What I found was a page from Google's own help documents titled "<a href="https://support.google.com/a/answer/60764?hl=en">Google IP address ranges</a>." This page points out a useful trick: SPF records.<br />
<a name='more'></a><br />
Without getting into too much detail, SPF records are an anti-spam tactic that allows the owner of a domain name to say "Here are the IP addresses allowed to send email from my domain. If you get email from a different IP, it's spoofing me." They do that automatically with information stored in DNS, just like IP address information. So Google has always-up-to-date records of all its IPs* readily available with a DNS query.<br />
<br />
And here's exactly how to get it.<br />
<br />
There are several command-line DNS query tools, but my favorite is Unix's dig, so that's what I'll use here. First, you query all TXT records from a special google.com subdomain: _spf.google.com<br />
<pre>$ dig @8.8.8.8 TXT +short _spf.google.com
"v=spf1 include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com ~all"</pre>
The "@8.8.8.8" isn't super-necessary, but to be safe, it ensures that you're getting the information from Google's own DNS servers. Anyway, this returns a text string. The _netblocks subdomains are what we're interested in. These are the actual DNS servers that hold the SPF records. You can get one by making a simple TXT query again:<br />
<pre>$ dig TXT +short _netblocks.google.com</pre>
This returns another string, but it's a bit messy, and it's only from one of the subdomains. To fix the latter problem, we can use a bash shell expansion trick. Since the subdomains Google gave us all start with _netblocks, followed by nothing, 2, and 3, if we write "_netblocks{,2,3}" then bash will <a href="http://tldp.org/LDP/Bash-Beginners-Guide/html/sect_03_04.html">expand</a> that into "_netblocks _netblocks2 _netblocks3". Then we'll use tr and grep to clean up the output:<br />
<pre>$ dig TXT +short _netblocks{,2,3}.google.com | tr ' ' '\n' | grep '^ip4:'
ip4:216.239.32.0/19
ip4:64.233.160.0/19
ip4:66.249.80.0/20
ip4:72.14.192.0/18
ip4:209.85.128.0/17
ip4:66.102.0.0/20
ip4:74.125.0.0/16
ip4:64.18.0.0/20
ip4:207.126.144.0/20
ip4:173.194.0.0/16</pre>
These are the all the actual IP addresses used by Google at the moment,* in <a href="https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing#CIDR_notation">CIDR notation</a>. How many is that, in total? To save you the effort of calculating it yourself, here is a full script that will do it for you:<br />
<pre>$ total=0
for slash in $(dig TXT +short _netblocks{,2,3}.google.com | tr ' ' '\n' | grep '^ip4:' | cut -d '/' -f 2); do
total=$((total+$(echo "2^(32-$slash)" | bc -l)))
done
echo $total</pre>
What does it give us? <b>212,992</b>.<br />
<br />
<span style="font-size: large;"><b id="tldr20131008">TL;DR:</b></span><br />
Google controls over 200,000 IP addresses as of October, 2013. It may not be making use of all of them at the moment, but that's the total number of answers you could possibly get when you ask "what is google.com's IP address?"<br />
<br />
<br />
*Caveats: it's entirely possible that Google owns more IPs than are noted in its SPF records. The only requirement of its SPF listing is that these are all the IPs Google uses to send Gmail from. Still, I would imagine that for simplicity, they'd add every IP address block they've been allocated, to give them maximum flexibility in what servers they can use for Gmail.Nick Shttp://www.blogger.com/profile/14422991609469620155noreply@blogger.com24tag:blogger.com,1999:blog-1931390715180609163.post-20929445811867747032013-09-25T16:47:00.002-04:002013-09-25T16:47:43.157-04:00Google Plus broke my blog<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi9EX3N1l2vQGqWiWemmEbb19KhcCLON-c3hhLTHZAoPWOwFrdpwWSHK2fKOJzRfEDwVFnmtbmr9lyS7mECOGgVuNNvVpaCQ08HdK1SfUaJrJyPRl7hh1LfBHa12dShuePb-hWSHVqF1g/s1600/technical-difficulties-Simpsons.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="308" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi9EX3N1l2vQGqWiWemmEbb19KhcCLON-c3hhLTHZAoPWOwFrdpwWSHK2fKOJzRfEDwVFnmtbmr9lyS7mECOGgVuNNvVpaCQ08HdK1SfUaJrJyPRl7hh1LfBHa12dShuePb-hWSHVqF1g/s1600/technical-difficulties-Simpsons.jpg" width="400" /></a></div>
<br />
<br />
Just an FYI, I know that my images seem to all be broken. Guess why? Google Plus.<br />
<br />
So I ended up on my Picasa photos page, which I don't pay much attention to, and I realized since Google Plus happened, it seemed a lot of my photos were being linked to my public<i> </i>profile when I'd never intended that. So I tried fixing the privacy settings, which made them private again. But all the images I upload to my blog are hosted on Picasa. That's Google's choice. It's what automatically happens when you upload images to Blogger. So they're all in this special Picasa album. But when I turned up my Picasa privacy, it made my Blogger images private so no one can see them (even from here). And I can't figure out how to change them back. It might require me re-uploading everything.<br />
<br />
tl;dr Google Plus ruins everything. Modern-day Google is not a place I want to live anymore.Nick Shttp://www.blogger.com/profile/14422991609469620155noreply@blogger.com0tag:blogger.com,1999:blog-1931390715180609163.post-66067691855426403812013-04-24T17:55:00.004-04:002013-05-07T13:19:24.360-04:00Yes, the government is spying on everyone's Internet trafficWelp, looks like, yes, the NSA has an <a href="http://news.cnet.com/8301-13578_3-57581161-38/u.s-gives-big-secret-push-to-internet-surveillance/">untargeted, mass surveillance program</a> snooping on domestic Internet traffic. I like how the White House granted this extraordinary, likely unconstitutional, legal immunity just for a "pilot project." So basically, that's the level of justification they require (jack). <br />
<br />
Soooo I'd like to take this opportunity to remind everyone about <a href="https://www.eff.org/https-everywhere">HTTPS Everywhere</a>. This Firefox/Chrome extension checks whether each site you're visiting has an encrypted connection option, and if it does, it makes sure to use it. That means no one listening in-between will be able to see anything you do on the site, except you and the site owner. Not even the NSA, <a href="https://www.schneier.com/blog/archives/2012/03/can_the_nsa_bre.html">in all likelihood</a>.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://www.eff.org/https-everywhere"><img border="0" height="181" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg0_KJzP0kB2azLP6RqVHvCzTp1cNgZEXAAVfcRZXSZbHvWti5KgXGfSRZ1jQudXxPiTCyPhyphenhyphenyrejTNYU1iXHs9KHrpRXslttv9iEGuRXf6xzCivKK-tHxwfgE32Fqy0giOoO_ipxjyZw/s1600/HTTPS+Everywhere.jpg" width="400" /></a></div>
<br />
<br />
This little extension has come a long way in the past few years. It started out with a list of only a few dozen sites whose secure connection option it knew how to use. Now there are thousands in the list, including most big-name destinations like Google and Facebook. Think about it. You enable this, and no one except you and Google will see anything you do on any of their sites. No one at the NSA, Comcast, the airport WiFi service, or the dude sitting next to you at Starbucks.<br />
<br />
Now, I only wish there was a mobile version. I've been thinking it'd be nice, since you're using your phone all the time on insecure WiFi networks run by random parties. But now that AT&T is a specific company they mention participating in this spying, it'd be pretty great to black out my phone traffic to them too. Well, luckily both Android and the iPhone support VPN connections, so all you gotta do is run OpenVPN at home (or, if you're a human, sign up for a <a href="http://proxpn.com/twit/">VPN service</a>) and do your part in saying "screw you, AT&T."Nick Shttp://www.blogger.com/profile/14422991609469620155noreply@blogger.com0tag:blogger.com,1999:blog-1931390715180609163.post-32544104823602072272013-04-20T16:38:00.001-04:002013-04-20T16:40:54.165-04:00Evolution, in a sentenceMost teachers and biologists like to gum up the theory of evolution with lots of preconditions and caveats. Instead, I see it as something so simple, it's basically built in to the logic of the universe.<br />
<br />
Maybe I'll expand on this in another post, but right now I just wanted to note the best, simplest way of explaining it I've stumbled upon so far:<br />
<br />
<blockquote class="tr_bq">
<span style="font-size: large;">If a thing makes more things, then there will be more of that thing.</span></blockquote>
<br />
It really boils down to that. There aren't really any more complicated "rules" or mystical workings to evolution. Instead, it's beautifully simple and automatic.<br />
<br />
That's it for now.Nick Shttp://www.blogger.com/profile/14422991609469620155noreply@blogger.com1tag:blogger.com,1999:blog-1931390715180609163.post-23894715666174391102013-04-03T11:26:00.000-04:002013-04-03T11:26:05.668-04:00CSS<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjzd4lBZCT_V2NxIhPeHocW5AiCjJBe0wUJ8EA4ydXru37cF-oQsgeV90ePuQOurGoltfaMxOTLLQMr6Yr6iFCD7iMUdAt8qbtId2gv7Ew58kPsABewr-L7rGBPb7mj2R5-41nVbbjTFg/s1600/CSS+-+web+development,+adjusting+CSS+(Q3cUg29).gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjzd4lBZCT_V2NxIhPeHocW5AiCjJBe0wUJ8EA4ydXru37cF-oQsgeV90ePuQOurGoltfaMxOTLLQMr6Yr6iFCD7iMUdAt8qbtId2gv7Ew58kPsABewr-L7rGBPb7mj2R5-41nVbbjTFg/s1600/CSS+-+web+development,+adjusting+CSS+(Q3cUg29).gif" /></a></div>
<br />
<br />
All you web developers, you know <a href="https://en.wikipedia.org/wiki/Cascading_style_sheets">what I'm talking about</a>.<br />
<br />
I've never seen it summed up so well.Nick Shttp://www.blogger.com/profile/14422991609469620155noreply@blogger.com0tag:blogger.com,1999:blog-1931390715180609163.post-69991581589443592272013-03-17T18:03:00.001-04:002013-03-17T18:03:29.554-04:00Google Reader killed in its prime?Okay, so maybe not exactly its prime. But I noticed that in their <a href="http://googleblog.blogspot.co.uk/2013/03/a-second-spring-of-cleaning.html">announcement</a>, Google noted Reader's years of declining usage as the reason for ending it. Now, I have no sense of its popularity; I don't even use it myself. So out of curiosity I went to <a href="https://www.google.com/trends/explore#q=google+reader">Google Trends</a> to check interest in Reader:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjepqEY0bWt-zBYcL3FKk9Crocapq-3Qwe2uIfMqUfdjqvLQ_RTEek6AmE6OXg6pijs-FGNDHhstSDdcw1Gz_NxGlYfBCnz1Hwk13KwYKmfzCULKq2a_gS7YouGZ0VZAI8KYQuj79-xJg/s1600/Google+Reader+-+Google+Trends.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjepqEY0bWt-zBYcL3FKk9Crocapq-3Qwe2uIfMqUfdjqvLQ_RTEek6AmE6OXg6pijs-FGNDHhstSDdcw1Gz_NxGlYfBCnz1Hwk13KwYKmfzCULKq2a_gS7YouGZ0VZAI8KYQuj79-xJg/s1600/Google+Reader+-+Google+Trends.png" /></a></div>
<br />
Now, Google Trends is a pretty rough indicator of the actual number of users of something. But I found it interesting that there's absolutely no sign of a decline until just last year. In fact, the last couple years seem to be the strongest in Google Reader's history.<br />
<br />
So either Google Trends is <i>way</i> off, or lack of interest isn't the main reason Google is shutting it down. Perhaps it's a slightly more conniving move to <a href="http://arstechnica.com/business/2013/03/google-reader-will-rise-again-as-part-of-google/">shore up Google Plus</a>. Ars has the details, but Hitler might have put it even better:<br />
<br />
<iframe allowfullscreen="" frameborder="0" height="360" src="https://www.youtube.com/embed/A25VgNZDQ08" width="640"></iframe>Nick Shttp://www.blogger.com/profile/14422991609469620155noreply@blogger.com0tag:blogger.com,1999:blog-1931390715180609163.post-13047200913989607912013-02-25T09:30:00.000-05:002013-09-25T16:37:34.099-04:00Expand short urls with one bash commandWarning: This post is pretty much for techies/programmers only. Sorry, but I just had to share this cause it ended up being pretty cool.<br />
<br />
The rise of url shorteners, while useful, has made it kinda uncertain where any particular click will take you. Even if you're not as security-conscious as I am, sometimes you might be wondering whether some link will take you to some annoying spam page.<br />
<br />
There are wonderful services like <a href="http://longurl.org/">LongURL</a> and <a href="http://www.longurlplease.com/">Long URL Please</a>, which try to make it possible to see where you're going before you click, but sometimes they're tripped up by unknown url shorteners or multiple levels of redirection. Plus, it takes a few clicks to get to those services in the first place.<br />
<br />
Thing is, I know that it's possible to make a generalized service that simply looks for any <a href="https://en.wikipedia.org/wiki/HTTP_redirect">HTTP redirects</a> and follows them until the end of the chain. For the longest time I've meant to make this, probably as a web tool. But then I started messing with curl's -I option (which prints just the HTTP response header), and realized I could make it much more simply. Eventually I ended up fitting it into 6 lines of bash! So I thought I'd share:<br />
<blockquote class="tr_bq">
<b><span style="font-family: "Courier New", Courier, monospace; font-size: x-small;">longurl () {<br />
url="$1"<br />
while [ "$url" ]; do<br />
echo "$url<span style="font-size: x-small;">"</span><br />
line=$(curl -sI "$url" | grep -P '^[Ll]ocation:\s' | head -n 1)<br />
url=$(echo "$line" | sed -r 's/^[Ll]ocation:\s+(\S.*\S)\s*$/\1/g')<br />
done<br />
}</span></b> </blockquote>
Just paste the url after the command "longurl" and it'll follow the redirect chain, printing each url. For example:<br />
<blockquote class="tr_bq">
<b><span style="font-family: "Courier New", Courier, monospace; font-size: x-small;">$ longurl http://t.co/8VzDpOP0Xz<br />
http://t.co/8VzDpOP0Xz<br />
http://ow.ly/hU93Q<br />
http://www.quora.com/Lincoln-2012-movie/How-historically-accurate-is-Lincoln-the-movie</span></b></blockquote>
Note: As an optional feature, you can add the line <span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;">"<b>echo -n "$url" | xclip -selection clipboard</b>"</span></span> at the top of the loop to use <a href="http://linux.die.net/man/1/xclip" title="sudo apt-get install xclip">xclip</a> to automatically paste the final url into your clipboard*. But it only works on Linux systems and xclip isn't a default package, so I left that line out. Oh, and a disclaimer while we're at it: I really should be checking the HTTP response code, yadda yadda yadda, <a href="http://knowyourmeme.com/memes/didnt-read-lol">didn't read</a> the relevant RFC's, etc. But this is simple, it should work in most cases, and when it doesn't, you'll know.<br />
<br />
Anyway, if you're the kind of person who usually has a terminal sitting open, this might prove pretty convenient. Just paste the function into your .bashrc file to have the command available in every session. Oh, and make sure you have <a href="http://superuser.com/questions/297931/how-to-install-curl-on-ubuntu" title="sudo apt-get install curl">curl</a> installed. But you should already have that, shouldn't you?<br />
<br />
If you need any more convincing, here's an example I just ran into of a nice, long redirect chain that did indeed end up at a spammer site. Glad I checked it first:<br />
<blockquote class="tr_bq">
<b><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;">$ longurl http://t.co/oZ2IWUfW9m<br />
http://t.co/oZ2IWUfW9m<br />
http://is.gd/5TIIkF/ubeldynl<br />
http://steve.omeuemail.com.br/7voxe1rz0m1hwcrsOmngucq/Qznqh4x-Ninlkk0yiq7kdmlyx-Rje1ieyqgkmbtqxhswaxmcl/5rwc6eyhfxqbp/Sw0yazi5lqmew5fxszvte0/Nvefuwsqe9q3zbjvvlsiswyv0Kmbbqpmgawedcrtkhv/Rdwoy5iwkfxigllbuqzvxfyw-D3qvi1z7f<br />
http://gift-card-rewards.com/?r=y</span></span></b></blockquote>
<br />
<br />
*Now, I actually have a modified version that uses sed to paste just the domain name into my clipboard because my most common use case is to immediately paste the domain into <a href="https://www.mywot.com/">Web of Trust</a> to see if the link actually goes somewhere nasty. So as an FYI, here's my version of the line:<br />
<blockquote class="tr_bq">
<b><span style="font-family: "Courier New", Courier, monospace; font-size: x-small;">echo -n "$url" | sed -r 's/^https?:\/\/([^/]+).*\/.*$/\1/g' | xclip -selection clipboard</span></b></blockquote>
<br />
<b>Update</b>: If you're looking for some interesting links to try it on, I suggest using any of the links in the weekly Ars Technica "<a href="http://arstechnica.com/gadgets/2013/09/wednesday-dealmaster-comes-with-a-gift-card/">Dealmaster</a>" posts. These seem to always go through incredible numbers of redirects via various tracking, advertising, and analytics companies. For example, <span style="font-size: x-small;"><b><span style="font-family: "Courier New",Courier,monospace;">http://bit.ly/1b5KFTr</span></b></span> gets you a total of 14 redirects! It actually fails on the last one because it's a relative URL, but you can just use the one before it. I don't have a problem with these links, since I believe the redirects give credit to Ars and helps support them. Still, it shows how this little tool can shed light on a lot of stuff going on behind your back that you wouldn't have ever noticed otherwise.Nick Shttp://www.blogger.com/profile/14422991609469620155noreply@blogger.com1tag:blogger.com,1999:blog-1931390715180609163.post-45239645504885821592013-01-16T19:17:00.001-05:002013-01-16T21:45:22.597-05:00Uninstall Java.<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjmf1WUg7ArFZfGNKBNNBpgPeg1pg-0FQTD2Qlwua-EIutPK6NySWCzAVbSi9gRixb98djJrkihIFXC1oYLQysQMyNUqxPhxRt3KZO3p5NUtxwbn_FnqSJL7tURS3UQcPRd2URfdAIBhg/s1600/Java+logo+crossed+out+-+No+Java,+anti-Java+sign.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjmf1WUg7ArFZfGNKBNNBpgPeg1pg-0FQTD2Qlwua-EIutPK6NySWCzAVbSi9gRixb98djJrkihIFXC1oYLQysQMyNUqxPhxRt3KZO3p5NUtxwbn_FnqSJL7tURS3UQcPRd2URfdAIBhg/s1600/Java+logo+crossed+out+-+No+Java,+anti-Java+sign.png" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">(source: <a href="http://www.codemonkeyx.net/2011/01/19/java-still-garbage/">codemonkeyx.net</a>)<br />
(coincidentally in a story about getting viruses from Java)</td></tr>
</tbody></table><br />
Just as a PSA, if you have Java on your system, you need to either uninstall it, or at the very least, make sure it's disconnected from your web browser. <a href="http://snurps.blogspot.com/2013/01/uninstall-java.html#section-java-uninstall">Skip to the bottom</a> for instructions or read on for the full story.<br />
<br />
The past six months have shown Java to be the biggest security disaster in personal computing right now. Really, though, we've known this for a while now. A 2010 report by Microsoft showed that having Java was by far the most common reason users got malware on their computers:<br />
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="http://arstechnica.com/business/2011/10/microsoft-finds-64-billion-fewer-spam-messages-one-month-after-botnet-takedowns/" style="margin-left: auto; margin-right: auto;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiBKwC-bwTh7okLOrs5c7zjO3CgKPENUXSERGOEraSWwOxoqNOdYA0WUkQc23FHuG-DKFHKEt9xvWOhYODVKJjuMGs01tqxzTL9fwZHPkm7uMTD7Rlm-y1ZgfLVeiAHWhUiYUv1zFc1Eg/s1600/Microsoft+Security+report+-+most+common+exploit+vectors+(routes+of+compromise).png" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">(via <a href="http://arstechnica.com/business/2011/10/microsoft-finds-64-billion-fewer-spam-messages-one-month-after-botnet-takedowns/">Ars Technica</a>)</td></tr>
</tbody></table><br />
<a name='more'></a><br />
But in the last six months in particular, we've seen an exceptional level of security incompetence from Oracle, the developers of Java. In late summer, a series of <a href="http://arstechnica.com/security/2012/09/yet-another-java-flaw-allows-complete-bypass-of-security-sandbox/">very bad vulnerabilities</a> came to light. Oracle already knew about some of them, but didn't act on them until they became actively exploited by malware authors. And at the end of September, <a href="https://threatpost.com/en_us/blogs/oracle-leaves-fix-java-se-zero-day-until-february-patch-update-101712">Oracle decided</a> they weren't going to act on the latest discovered vulnerability until <i>February</i>.<br />
<br />
Now, in January, we're seeing a total repeat of the free-for-all at the end of the summer. I can't confirm that the vulnerability that Oracle scheduled for February is one of those in the news recently, but regardless, there are plenty that are now being used by malware. And just like in September, Oracle released a security patch, only to see <a href="http://arstechnica.com/security/2013/01/5000-will-buy-you-access-to-another-new-critical-java-vulnerability/">a new vulnerability</a> pop up soon thereafter. As of this writing, even a fully up-to-date version of Java is vulnerable.<br />
<br />
And the complete tragedy of this saga is that having Java installed as a browser plugin is <i>useless</i>. When is the last time you saw a Java applet in a webpage? Java applets are a dead technology, and for good reason. Do you remember how terrible they always were? Java applets are why I still recoil whenever I see the Java logo.<br />
<br />
So unless you're one of the 0.1% of people who still use Java applets and can't live without a critical one, you lose nothing by removing it from your browser. Yet the majority of the public are unknowingly browsing around with a giant, exposed malware target in their browsers <i>for no reason</i>. Java desktop applications are also rare these days, so if you uninstall Java from your computer entirely, you'll likely never miss it. (Oh, and just to answer a widespread misconception, <a href="http://ask.libreoffice.org/en/question/696/what-features-absolutely-require-java/">you don't need it</a> for LibreOffice/OpenOffice anymore.) The benefit to uninstalling completely is that Java has a habit of sneaking itself back in your browser every time you update it, so removing Java entirely avoids that headache.<br />
<br />
Anyway, enough talk. Time for <span id="section-java-uninstall"><b>action</b></span>:<br />
<br />
<ul><li>To uninstall Java, which I recommend (but only if you're sure that you don't use any programs that rely on it):</li>
</ul><blockquote class="tr_bq"><blockquote class="tr_bq"><b>Windows 7</b>: Start Menu > Control Panel > Programs > Uninstall a Program (Programs and Features) > select any program with Java in the name > Uninstall</blockquote></blockquote><ul><li>To remove it from your browser, follow instructions at <a href="http://disable-java.com/">disable-java.com</a>.</li>
</ul><blockquote class="tr_bq"><blockquote class="tr_bq"><b>Firefox</b>: Ctrl+Shift+A > Plugins > every plugin with "Java" in name > Disable<br />
<b>Chrome</b>: Go to "<a href="chrome://plugins/" target="_blank">chrome://plugins" (enter in address bar) > Java(TM) > Disable</a></blockquote></blockquote>Nick Shttp://www.blogger.com/profile/14422991609469620155noreply@blogger.com1tag:blogger.com,1999:blog-1931390715180609163.post-58379347948978287542013-01-03T20:11:00.000-05:002013-01-03T20:15:28.641-05:00Fraudulent Google Certificate Issued by TURKTRUST - a CA you can safely delete<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiAGfj-hLP8k0LVBmpuT4dOFqzbEnHtXUnZr4QGHhY_f8T9BoxLDlXoiEs55zdMQlgIzO5dvFVZHe6Sx_-mb_PK8YzP5YjZEyB6LtW9t_QCFc8s0gwMFX4LRgK1thZtbC5IYviiKdhD2g/s1600/Certificate+Authority+list+and+manager+in+Firefox.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiAGfj-hLP8k0LVBmpuT4dOFqzbEnHtXUnZr4QGHhY_f8T9BoxLDlXoiEs55zdMQlgIzO5dvFVZHe6Sx_-mb_PK8YzP5YjZEyB6LtW9t_QCFc8s0gwMFX4LRgK1thZtbC5IYviiKdhD2g/s1600/Certificate+Authority+list+and+manager+in+Firefox.png" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Firefox's default list of trusted certificate authorities</td></tr>
</tbody></table><br />
I'll point you <a href="https://krebsonsecurity.com/2013/01/turkish-registrar-enabled-phishers-to-spoof-google/">here</a> for the full story, and add my two cents below.<br />
<br />
Sadly I don't have time to get into the rabbit hole of explaining certificates and SSL, so this will have to be directed at those already in the know.<br />
<br />
Here's the overview. A root certificate authority, TURKTRUST (yes, they're Turkish), somehow issued two certificates in 2011 that allowed their owners to impersonate any *.google.com site. And I'm here to let you know you can go right ahead and delete TURKTRUST from your browser without worrying you'll ever need it. <br />
<br />
This useful bit of information is courtesy of "Nasko" at netsekure.org, who did a survey in 2010 of <a href="http://netsekure.org/2010/04/most-common-trusted-root-certificates/">the most commonly used certificate authorities</a> on the web. This was in order to reduce his attack surface, since we've seen a steady stream of CA (certificate authority) compromises over the years, and if you don't trust a CA in the first place, you can't be fooled by their fraudulent certificates.<br />
<br />
His surprising results were that you only need about 25 CA's out of the hundreds that browsers trust by default. His survey queried the top 1 million most popular sites according to Alexa, so you can be pretty sure he didn't miss much of the web.<br />
<br />
What's more, I actually implemented his findings, deleting all but the those 25 from my own browser. And after several months of (heavy) browsing, I can tell you I've never once run into a problem.<br />
<br />
After the jump, my revelations on the bigger picture I learned through this experiment.<br />
<a name='more'></a><br />
Are you here? Okay. Here's the big secret. All the website SSL certificates out there being sold publicly are from just a handful of root CA's. The vast majority of those installed in browsers are specialty CA's that aren't even intended for public web traffic. I think they're mostly for internal use at large companies or government agencies, or for email validation only.<br />
<br />
Because browsers can't be seen as capricious or prejudiced in their decisions of which CA's to include, they develop standardized criteria and adopt the policy that any organization who applies and passes these tests and audits will be accepted as a root CA. Well, at least I know <a href="https://www.mozilla.org/projects/security/certs/policy/">Mozilla does</a>. And we all know how fallible audits are. Also, audits can't answer the more abstract questions like whether to trust <a href="https://en.wikipedia.org/wiki/CNNIC">CNNIC</a>, given that it's China's main Internet agency. And we know the sorts of things China's Internet overlords think are cool.<br />
<br />
Anyway, I think this leads to the inclusion of lots of organizations who are able to technically fulfil the requirements, but whose presence in our browser's list of Extremely Trusted Entities we might seriously question. For instance, do I really need to give full power to seamlessly impersonate any website on the planet to "Agència Catalana de Certificació" (apparently an obscure Catalonian government agency*)? Should I be giving the ability to man-in-the-middle my most trusted communications to "Netlock Halozatbiztonsagi Kft." (some Hungarian tech company, also barely existent on the web)? Not to single out the funny-sounding foreign ones. I have almost as many misgivings about "Microsoft Internet Authority" and even "Wells Fargo Root Certificate Authority," for various reasons.<br />
<br />
The bottom line is that browsers, for political reasons, are unable to deny the inclusion of all these organizations who feel the need to put the entire world at risk just because they want their employees to use their own <a href="https://en.wikipedia.org/wiki/Not_invented_here">in-house</a> (and likely <a href="https://twitter.com/hipsterhacker/status/77716476873801728">awful</a>) email authentication system.<br />
<br />
But while the browsers can't say no, <a href="http://netsekure.org/2010/04/how-to-disable-trusted-root-certificates/">you can</a>.<br />
<br />
<br />
* There is hardly any information out there on this agency's existence, but according to Google's translation of its <a href="https://ca.wikipedia.org/wiki/Ag%C3%A8ncia_Catalana_de_Certificaci%C3%B3">Catalonian Wikipedia page</a>, it "<span class="" id="result_box" lang="en"><span class="hps">seeks to</span> <span class="hps">manage</span> <span class="hps">digital certificates and</span> <span class="hps">provide services</span> <span class="hps">related to</span> <span class="hps">electronic signatures</span> <span class="hps">and</span> <span class="hps">identification</span> <span class="hps">processes</span> <span class="hps">required in</span> <span class="hps">the</span> <span class="hps">scope of</span> <span class="hps">the Catalan public administrations</span><span class="">." This seems to support my theory that many of these CA's aren't even intended for wide use on the web. This has more to do with internal administrative activities for this one small government agency.</span></span>Nick Shttp://www.blogger.com/profile/14422991609469620155noreply@blogger.com0tag:blogger.com,1999:blog-1931390715180609163.post-65400619740866762282012-12-21T12:56:00.003-05:002012-12-21T12:56:37.173-05:00Update: A billion views.<div class="separator" style="clear: both; text-align: center;">
<a href="https://www.youtube.com/watch?v=9bZkp7q19f0"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhpFbnxEKvit403jogi-283-aucf6mg9QUiwE39ZMlZBGEt_M8K64Z3mEXHG_WIA0xPV1qUlTlCyS7qP7-EIgnTAQhujd-twHWcXyWW73SymQmCWP9QPuUwfcaZ3XrrEELJq8b4HobumQ/s1600/Gangnam+Style+billion+small.png" /></a></div>
<br />
<br />
Well, it happened. Since <a href="http://snurps.blogspot.com/2012/11/the-new-most-viewed-video-on-youtube.html">becoming the most viewed video ever</a> over Thanksgiving, Gangnam Style gathered 200 million views in under a month to become the first Youtube video ever with more than a <i>billion</i> views. Man. Remember when a million views was a lot?<br />
<br />
Oh, and the bonus is that a couple weeks ago, some people started passing around a supposed <a href="http://www.allkpop.com/2012/11/nostradamus-prediction-meme-on-psys-gangnam-style-receives-attention">Nostradamus prediction</a> that could be interpreted as saying the world will end when Gangnam Style gets a billion views. The prophesy included hints at Korea, the horse dance, and the nine zeros in 1 billion. And when I saw that, I realized that the video was on track to a billion views right around Dec 21st, which was only too perfect. And now it did happen on the 21st! Right at noon. Extra bonus Apocalypse points.Nick Shttp://www.blogger.com/profile/14422991609469620155noreply@blogger.com0tag:blogger.com,1999:blog-1931390715180609163.post-282651123261968402012-12-16T14:48:00.000-05:002012-12-16T14:48:15.636-05:00Fake Morgan Freeman turns out to have the sanest comment on the shootingThis has been making the rounds on Facebook, misattributed to Morgan Freeman (because nothing on Facebook can occur without some misinformation propagated by the gullible). Turns out it <a href="http://www.reddit.com/r/politics/comments/14wyhp/morgan_freemans_response_to_the_shootings/c7h8yor">comes from</a> some Facebook user named Mark, but it's just as sensible a comment on this whole circus.<br />
<br />
<blockquote class="tr_bq">
"You want to know why. This may sound cynical, but here's why.<br />
It's because of the way the media reports it. Flip on the news and
watch how we treat the Batman theater shooter and the Oregon mall
shooter like celebrities. Dylan Klebold and Eric Harris are household
names, but do you know the name of a single <em>victim</em> of
Columbine? Disturbed
people who would otherwise just off themselves in their basements see
the news and want to top it by doing something worse, and going out in a
memorable way. Why a grade school? Why children? Because he'll be
remembered as a horrible monster, instead of a sad nobody. </blockquote>
<blockquote class="tr_bq">
CNN's article says that if the body count "holds up", this will rank
as the second deadliest shooting behind Virginia Tech, as if statistics
somehow make one shooting worse than another. Then they post a video
interview of third-graders for all the details of what they saw and
heard while the shootings were happening. Fox News has plastered the
killer's face on all their reports for hours. Any articles or news
stories yet that focus on the victims and ignore the killer's identity?
None that I've seen yet. Because they don't sell. So congratulations,
sensationalist media, you've just lit the fire for someone to top this
and knock off a day care center or a maternity ward next. </blockquote>
<blockquote class="tr_bq">
You can help by forgetting you ever read this man's name, and
remembering the name of at least one victim. You can help by donating to
mental health research instead of pointing to gun control as the
problem. You can help by turning off the news."</blockquote>
Nick Shttp://www.blogger.com/profile/14422991609469620155noreply@blogger.com0tag:blogger.com,1999:blog-1931390715180609163.post-57266485890664408132012-12-04T18:58:00.002-05:002012-12-04T18:59:34.774-05:00Best argument for Google ever<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEisCWrnkobqLaaNmlFggr5e_UApfbABKKo1JXNzMMJ2LSEergc8u3F5cCEff_43OUNET1sNYZrS4e-QeA2ogch5B4sTr-kvbcd6J3COaEV0EH-m_jHi0b3WZlTkI1Mdqb9RAlvX7miyxQ/s1600/Bing+it+On+-+Rob+Schneider+(tum+ta+teedly+tum+ta+ter).png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="384" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEisCWrnkobqLaaNmlFggr5e_UApfbABKKo1JXNzMMJ2LSEergc8u3F5cCEff_43OUNET1sNYZrS4e-QeA2ogch5B4sTr-kvbcd6J3COaEV0EH-m_jHi0b3WZlTkI1Mdqb9RAlvX7miyxQ/s1600/Bing+it+On+-+Rob+Schneider+(tum+ta+teedly+tum+ta+ter).png" width="700" /></a></div>
<br />
You can guess which one's Google.Nick Shttp://www.blogger.com/profile/14422991609469620155noreply@blogger.com0tag:blogger.com,1999:blog-1931390715180609163.post-84544142094390326322012-11-29T22:17:00.000-05:002012-11-29T22:25:46.416-05:00Finally. Netflix on Linux.<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZxbjkAE3FWFT9vrWDUYEMRXILtpJi3JnISaVygDcIx9AVU-5gC77uyavuZxuxKHswqDK1XggwavaL2l_TmE4OIpEwp7WVlC_D29pQwveaf4PM44gC3K-S9jkbRiHBKplHhRpIxWV2SQ/s1600/success+kid+-+we+did+it.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZxbjkAE3FWFT9vrWDUYEMRXILtpJi3JnISaVygDcIx9AVU-5gC77uyavuZxuxKHswqDK1XggwavaL2l_TmE4OIpEwp7WVlC_D29pQwveaf4PM44gC3K-S9jkbRiHBKplHhRpIxWV2SQ/s1600/success+kid+-+we+did+it.jpg" width="268" /></a></div><br />
A <a href="http://www.omgubuntu.co.uk/2012/11/how-to-use-netflix-on-ubuntu">recent post</a> at the "OMG! Ubuntu!" blog broke the news that there is finally a working, straightforward way to watch Netflix on Linux. Skip to <a href="#section-netflix-install">installation instructions below</a> or read on for the full story. Oh, and here's a screenshot if you're still incredulous:<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj1XKY8cWUP-Kif-neyj8eDG-gA2FkFDvIpf4vgyfuhD7uNq0DXmBYWMd1fmaQyfQWz7CmQqhjP2r94lcy84LLFUg1b5-8atPi7OFPPNRfUeloV10VGLbM3jnUsgyNTFqyuOJHsuL9R9Q/s1600/Netflix+on+Ubuntu+Linux+screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="374" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj1XKY8cWUP-Kif-neyj8eDG-gA2FkFDvIpf4vgyfuhD7uNq0DXmBYWMd1fmaQyfQWz7CmQqhjP2r94lcy84LLFUg1b5-8atPi7OFPPNRfUeloV10VGLbM3jnUsgyNTFqyuOJHsuL9R9Q/s1600/Netflix+on+Ubuntu+Linux+screenshot.png" width="640" /></a></div><br />
For those not so familiar with the story, here's the background. These days you can do almost everything you need to on Linux. But the one gaping hole for those of us who've switched to Linux full-time has been Netflix. The streaming video on netflix.com requires Microsoft Silverlight (apparently they need its DRM capabilities), and, unsurprisingly, Silverlight is not available on Linux. Last I heard, it wouldn't even run properly in WINE, the Windows emulation/compatibility layer people often use to run Windows apps on Linux. So the only standard way to watch Netflix, and the way I've been using, is to install an entire copy of Windows in a virtual machine. This is pretty clunky and slow, at best. In order to watch Netflix I'd have to start up my virtual machine, a process about as slow as booting a real computer, and often close Firefox to get the 2GB of free RAM it requires.<br />
<br />
So naturally there have been pleas for years to get Netflix to finally support Linux. After all, they work on Windows, Mac, iOS, and Android already. There have even been a number of false starts, like last year when they announced they would be supporting Chrome OS, which is a version of Linux. It turns out that even though they produced a Chrome plugin that worked on Chrome OS's Linux, no one could get it to work reliably, even moving the plugin files and executables to the proper locations in Chrome installed on a regular Linux OS.<br />
<br />
<a href="http://www.urbandictionary.com/define.php?term=tl%3Bdr">tl;dr</a>: We've been stuck with virtual machines for years.<br />
<br />
But apparently two developers, Erich Hoover and David Andrews have put together <a href="http://www.iheartubuntu.com/2012/11/ppa-for-netflix-desktop-app.html">a well-functioning solution</a> using Firefox and Silverlight installed in a bundled (and improved?) version of WINE. I just watched an entire episode of Archer without so much as a blip of buffering, and this is on a Core 2 Duo 2.53GHz machine with 4GB RAM (with Firefox open!). The developers claim to have even gotten it running on a netbook. One disclaimer of note: this works on Ubuntu running Unity, but I'm not sure if it's supported outside that configuration. So, without further ado:<br />
<br />
<h4><span id="section-netflix-install">Here's how to install it on Ubuntu</span></h4><span style="font-family: "Courier New",Courier,monospace; font-size: small;">$ sudo apt-add-repository ppa:ehoover/compholio</span><br />
<span style="font-family: "Courier New",Courier,monospace; font-size: small;">$ sudo apt-get update && sudo apt-get install netflix-desktop</span><br />
<br />
That's it. They've bundled it all into one package in their repository. It installs WINE, Silverlight, and Firefox (the Windows version) automatically. When you first start it up (search "Netflix" in Unity) WINE will do some configuration (say yes to the installation prompts) and the Netflix login page will pop open. (Important note: it's just Firefox full-screen, so hit F11 to exit full-screen mode.)<br />
<br />
Further instructions and troubleshooting in the developers' post:<br />
<a href="http://www.iheartubuntu.com/2012/11/ppa-for-netflix-desktop-app.html">PPA for Netflix Desktop App - iheartubuntu</a>Nick Shttp://www.blogger.com/profile/14422991609469620155noreply@blogger.com1tag:blogger.com,1999:blog-1931390715180609163.post-3851183544491766062012-11-24T14:00:00.000-05:002012-11-24T16:38:09.557-05:00The new most viewed video on Youtube<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhHa8v4Ss2dhFSDEdpR5FfxRE5SFW7siDYTTiB9ucB_nGOu_r4bl0Sdi-NRSccGRK0mzZH2c2M34VbwQEPcL0bLgVi5aCr4iN9DJFhCbiXcdhIaOd1KgRUUD6YhPf2yqHouI1FWM02iRQ/s1600/Youtube+Gangnam+Style+top+video+all+time.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhHa8v4Ss2dhFSDEdpR5FfxRE5SFW7siDYTTiB9ucB_nGOu_r4bl0Sdi-NRSccGRK0mzZH2c2M34VbwQEPcL0bLgVi5aCr4iN9DJFhCbiXcdhIaOd1KgRUUD6YhPf2yqHouI1FWM02iRQ/s1600/Youtube+Gangnam+Style+top+video+all+time.png" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
Well, it happened. Gangnam Style is now the most viewed video on Youtube, having just passed Justin Bieber's "Baby" at over 800 million views. And I have to say, I welcome this turn of events.<br />
<br />
It's hard to explain, but my attitude is similar to when I decided to embrace the popularity of Lady Gaga and LMFAO. That attitude is essentially, "Well hey, at least they're making pop music interesting. So why not?" And, as you move from Lady Gaga to LMFAO, and now Gangnam Style, it shows the mainstream's increasing embrace of the ridiculousness and wtf nature of the internet that I'm so fond of. So in celebration, let's stop worrying about things making sense and enjoy one more round of that Korean pop maniac:<br />
<br />
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="360" src="https://www.youtube.com/embed/9bZkp7q19f0" width="640"></iframe>Nick Shttp://www.blogger.com/profile/14422991609469620155noreply@blogger.com1tag:blogger.com,1999:blog-1931390715180609163.post-18600420317524812092012-11-07T00:34:00.003-05:002012-11-07T00:35:44.204-05:00Totally off-the-cuff second term prediction<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEivb2ZDJ1XqakJygi7XF0bzupP9jyNA8Q2EpnydUAwawRmddfaNZUlLMV0W4SR4ek9kVgXkerQo9NZQjyWrh93fVU5pDvPzh1NNX8euiFoes4Bl_vcoAz6oSVL2jeM7o9p84BNepFyE6A/s1600/Obama+wins+re-election+2012.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="390" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEivb2ZDJ1XqakJygi7XF0bzupP9jyNA8Q2EpnydUAwawRmddfaNZUlLMV0W4SR4ek9kVgXkerQo9NZQjyWrh93fVU5pDvPzh1NNX8euiFoes4Bl_vcoAz6oSVL2jeM7o9p84BNepFyE6A/s1600/Obama+wins+re-election+2012.png" width="640" /></a></div>
<div style="text-align: center;">
<span style="font-size: x-small;">(<a href="http://www.nbcnews.com/">NBC News</a>)</span></div>
<br />
Apologies for the political post. I'm not actually taking any sides here, and I hope it won't turn anyone off, regardless of political persuasion. I just wanted to record a prediction on my mind so I can check it later. Anyway. Here's what I see happening:<br />
<br />
So when did we last see a president facing heavy, ideologically-incensed opposition nevertheless re-elected by a slim margin? Don't have to think back too far. Yep, I'm talking about 2004. Now, the interesting thing about 2004 is that, looking at Bush's approval ratings, that's just about the last time he could've eked out a re-election:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhjE54DbDJhco1T-tWf1i-A_bbvGiRsljmeSDwndRMDZ02yd_HRfoSXd9y70ijpWOmMyti0nNi_ZvcpMCCsciGkG9jC2kZAlf8V9Hcyg-JT76L9LRPFbGbPmQwFv5fheKnZ_E-DdNyS9A/s1600/Bush+approval+ratings.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="272" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhjE54DbDJhco1T-tWf1i-A_bbvGiRsljmeSDwndRMDZ02yd_HRfoSXd9y70ijpWOmMyti0nNi_ZvcpMCCsciGkG9jC2kZAlf8V9Hcyg-JT76L9LRPFbGbPmQwFv5fheKnZ_E-DdNyS9A/s1600/Bush+approval+ratings.png" width="400" /></a></div>
<div style="text-align: center;">
Bush approval ratings over both terms</div>
<div style="text-align: center;">
<span style="font-size: x-small;">(<a href="http://www.hist.umn.edu/~ruggles/Approval.htm">Prof. Steven Ruggles, Univ. Minnesota</a>)</span></div>
<br />
And despite Obama's similarly unidirectional trend in approval ratings, he seems to have just pulled off a similar feat. But I don't see any reason to believe his trend is going to reverse. So, reasoning by analogy, I'm going to put in a prediction of a similar second-term implosion for Obama. Now, where did that take us last time? Well, I suppose it brought a landslide victory for a candidate further to the left than anyone would have predicted possible. So I guess I have to assume a similar result in 2016.<br />
<br />
I think this scenario fits with the ideas we're hearing at the moment about the Republican party. Yes, many Republicans believe Romney's mistake this year was being too far right and alienating moderates. The primaries were a circus that pushed everyone to the far right, and maybe Romney didn't pivot back to the center fast enough. But at the same time, I hear conservatives who are convinced Romney's problem was being too moderate and milquetoast. I don't see how these two movements could actually resolve in the next four years and give them a new, viable direction. But! If Obama really does undergo a Bush-level-implosion in his second term, the Republicans could easily nominate someone as far to the right as half their primary candidates this time and win. I'm not trying to lock in Bachmann/Gohmert in 2016, but I think we could see someone quite a bit less moderate than Romney.Nick Shttp://www.blogger.com/profile/14422991609469620155noreply@blogger.com0tag:blogger.com,1999:blog-1931390715180609163.post-76083098057943614542012-10-11T12:55:00.000-04:002012-10-17T02:49:01.710-04:00The opposite of graceful degradation<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhTF72MWmm2-4JIuUfFIjYf6fbSqzKwH0pTr9N2UbePiAPO8s6lBJEAtVkgZ-OR16wrCfKA3c1-fR_v2a-1ZVZousStfmV9SMWiDAf2sLCnsDeQNyKF3EUWkQctvbiS_OarrJ-qBDJ5xQ/s1600/Graceful+degradation,+javascript+-+Coursera+considered+harmful.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhTF72MWmm2-4JIuUfFIjYf6fbSqzKwH0pTr9N2UbePiAPO8s6lBJEAtVkgZ-OR16wrCfKA3c1-fR_v2a-1ZVZousStfmV9SMWiDAf2sLCnsDeQNyKF3EUWkQctvbiS_OarrJ-qBDJ5xQ/s1600/Graceful+degradation,+javascript+-+Coursera+considered+harmful.png" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
This is Coursera. (No, I'm not directly linking. They've been a bad boy.) "Why are you showing their webpage before it loads?" you might be thinking. Well, to me, this is their webpage. Because I was viewing it with Javascript disabled. And if you do that, this is all you ever see.<br />
<br />
That's right. The entirety of their site depends on Javascript. You don't just see a normal webpage but maybe the pop-up calendar doesn't work, or the navigation bar is a bit wonky. No, it's not even like Gawker circa 2011 where you still see some UI elements but everything else fails to load. Here, you simply see <i>nothing</i>.<br />
<br />
You'd expect a modern, hip company like Coursera might take heed of the ideas like graceful degradation and progressive enhancement that have been <a href="https://www.google.com/trends/explore#q=graceful+degradation,progressive+enhancement">all the rage lately</a>. The point is, it's fine to have extra features provided by Javascript or the latest HTML5 specs. But if those features don't work for your visitor, you should have the more basic functionality there and operational. The particular reason the idea has been popular recently is the explosion in mobile devices, many of which are limited in their form factors and supported technologies. It's also a good idea for accessibility and even <a href="http://www.webpagesthatsuck.com/googleisgod.html">Google juice</a>. But no, Coursera is turning away all those less-able devices and people at the door.<br />
<br />
Postscript: Yes, I can just turn Javascript on. And I probably will. But I am definitely not turning it on for every site I happen to run into. Whether out of security concerns (and oh, there are many) or because they just don't want all that crap bogging down their browsing, disabling Javascript is a legitimate choice <a href="http://www.searchenginepeople.com/blog/stats-no-javascript.html">many people</a> make. And if I run into a site like Coursera, half the time I'll just leave and never come back.Nick Shttp://www.blogger.com/profile/14422991609469620155noreply@blogger.com0tag:blogger.com,1999:blog-1931390715180609163.post-26002483299094487842012-10-06T11:18:00.000-04:002012-10-06T11:18:00.256-04:00<div class="separator" style="clear: both; text-align: center;">
<a href="http://www.smbc-comics.com/index.php?db=comics&id=2752#comic"><img border="0" src="http://www.smbc-comics.com/comics/20121002.gif" /></a></div>
<div style="text-align: center;">
<span style="font-size: x-small;"> (<a href="http://www.smbc-comics.com/index.php?db=comics&id=2752#comic">Saturday Morning Breakfast Cereal</a>)</span></div>
<br />
Nothing more dismaying than an election year!Nick Shttp://www.blogger.com/profile/14422991609469620155noreply@blogger.com0tag:blogger.com,1999:blog-1931390715180609163.post-44453050447054914062012-10-03T13:00:00.000-04:002012-10-03T13:00:08.817-04:00"Tech Bubble" vs. "Social Bubble"<a href="https://www.google.com/trends/explore#q=social%20bubble%2C%20tech%20bubble&cmpt=q"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEil99U2DVR66kLRs1vQ7_RZ5sBX0w5VTj8U_5olFZrbrhME6wHy6WN9gUgLVbFXfZuyF30VBACcClXRY4cwBYqyNgongrts19Pjaosw3AgWZc5kckfKv9T_NjPn2qUXxEh741-UUj6tHg/s1600/Google+Trends+-+social+bubble+vs+tech+bubble.png" /></a><br />
<div style="text-align: center;">
<span style="font-size: x-small;">(<a href="https://www.google.com/trends/explore#q=social%20bubble%2C%20tech%20bubble&cmpt=q">Google Trends</a>)</span></div>
<br />
In honor of the <a href="http://insidesearch.blogspot.com/2012/09/insights-into-what-world-is-searching.html">recent merger</a>
of Google Trends with Google Insights for Search, I thought I'd note an
interesting recent trend that confirms one in my own head. People
used to refer to the "Bubble 2.0" as the "tech bubble" exclusively, but now they refer to it
as the "social bubble" just as much. That evolution mirrors my own,
where I've come to understand that the current tech bubble is almost
entirely centered on social media hysteria.<br />
<br />
More info: I've written about bubble stuff a <a href="http://snurps.blogspot.com/2011/01/thats-it-bubble-20-im-calling-it.html">couple</a> <a href="http://snurps.blogspot.com/2012/05/bubble-20-details-on-eve-of-facebooks.html">times</a>, though you should probably just skip those and go directly to the <a href="http://techcrunch.com/2012/05/17/in-the-studio-crvs-george-zachary-discusses-bubbles-on-the-eve-of-facebooks-ipo/">really informative video</a> I linked. It's a really good, informative, non-hysterical analysis of the nature and evolution of the bubble.<br />
<br />
Oh, and P.P.S., in case you haven't heard, it's already <a href="http://tech.fortune.cnn.com/2012/08/16/pop-went-the-social-media-bubble-now-what/">popped</a>. But that's no surprise, is it? This was all pretty silly in the first place. Maybe now I'll stop seeing things like my local coffee shop begging for me to like it on Facebook.Nick Shttp://www.blogger.com/profile/14422991609469620155noreply@blogger.com0tag:blogger.com,1999:blog-1931390715180609163.post-28791868706827945882012-09-30T15:40:00.004-04:002012-09-30T15:43:36.213-04:00Cybersecurity: not just protecting Grandma's bank account anymore<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhviYeowlypwuubxAgCau1_RNMMhNNBMvvZmf_9bUkd7PrvS28Er0OYRGCv82WheEOZpXnLd-qYcwBB6fVZkwpqTVsOC0euhpEg1wrHCFXdneCkiwhKic4uVHFbTcQycH-__yGPQv8gMQ/s1600/Muslim+Hacktivists+flag.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhviYeowlypwuubxAgCau1_RNMMhNNBMvvZmf_9bUkd7PrvS28Er0OYRGCv82WheEOZpXnLd-qYcwBB6fVZkwpqTVsOC0euhpEg1wrHCFXdneCkiwhKic4uVHFbTcQycH-__yGPQv8gMQ/s1600/Muslim+Hacktivists+flag.jpg" /></a></div>
<div style="text-align: center;">
<span style="font-size: x-small;">(source: <a href="http://www.pcmag.com/article2/0,2817,2410127,00.asp">PC Magazine</a>)</span></div>
<br />
So <a href="http://www.informationweek.com/security/attacks/pnc-bank-hit-by-crowdsourced-hacktivist/240008128">reportedly</a>, PNC Bank's website just got hit by a Muslim hacktivist group (don't worry, it was just a <a href="http://xkcd.com/932/">DDoS</a>). It's supposedly another front in the <a href="http://en.wikipedia.org/wiki/Innocence_of_Muslims">Youtubes Wars of 2012</a>. But, like most of these shenanigans, people suspect it to be just a tool for political aims. Specifically, some government people think it's just a cover for Iran's burgeoning hacker corps.<br />
<br />
The point is, for years we've been hearing people try to use "cyberterrorism" as another way to scare people into securing their networks. But it's now finally happening.<br />
<br />
So before, security experts were saddled with warning about your credit card number getting sent to Russia as their most realistic argument. And the non-security person could counter with "Well my bank will just reverse the charges, so why is it worth running a hardened Arch Linux system just to look at cat pictures?" Now, hopefully, we're seeing that it's not just about weighing the hassle of your own (or your customers') info getting out. It's a matter of national security. So finally, people: get your shit together!Nick Shttp://www.blogger.com/profile/14422991609469620155noreply@blogger.com0tag:blogger.com,1999:blog-1931390715180609163.post-66054104815035784512012-09-29T11:43:00.000-04:002012-09-30T00:05:42.534-04:00The Howling Fat Men of the Coen Brothers<iframe allowfullscreen="allowfullscreen" frameborder="0" height="360" src="https://www.youtube.com/embed/OOmtcgS0yC8" width="640"></iframe><br />
<br />
Of course this is a Coen Brothers trope. Why would you expect any different?<br />
<br />
But really, this video might be better if it were restricted to John Goodman. The entire thing is worth it just to see him burst out of the ground amidst a thunderstorm, yelling at the sky like he clawed his way out of the womb that is Mother Earth herself. Nothing will convince you of that man's overwhelming presence like that clip.Nick Shttp://www.blogger.com/profile/14422991609469620155noreply@blogger.com0tag:blogger.com,1999:blog-1931390715180609163.post-4379599532489929542012-09-15T13:31:00.000-04:002012-09-15T13:31:00.616-04:00Walph Raldo EmersonIs it just me, or does anyone else always think that when they read "Ralph Waldo Emerson"? I have no idea why it transmutes in my head to that, but it does. And for some reason the name "Walph" is hilarious to me.<br />
<br />
Somehow Google yielded no pages discussing this very important phenomenon. Looks like there's still a topic in this world that's not on the internet. (Until now. And yes, that's half the purpose of this post.)Nickhttp://www.blogger.com/profile/08714198119382184216noreply@blogger.com0tag:blogger.com,1999:blog-1931390715180609163.post-60941915062901362292012-09-13T10:00:00.000-04:002012-09-13T13:29:15.909-04:00The new iPod nano<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3tM1y_m08pcnm2wSy4jyDfRRMRqOTVgFNup9DK46E6Sw2tYGcjm-zqV4r-0ibjwxkc9LQ7ErxxfIQ2FlpLMlO5Fuimw5ZlaftBHgPicoN2nSambbfLd-ZDa6_9ttwfAiNnnz-oc-WGA/s1600/new+iPod+nano+vs+Nokia+Lumia+(ncOvL).png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3tM1y_m08pcnm2wSy4jyDfRRMRqOTVgFNup9DK46E6Sw2tYGcjm-zqV4r-0ibjwxkc9LQ7ErxxfIQ2FlpLMlO5Fuimw5ZlaftBHgPicoN2nSambbfLd-ZDa6_9ttwfAiNnnz-oc-WGA/s1600/new+iPod+nano+vs+Nokia+Lumia+(ncOvL).png" /></a></div>
<div style="text-align: center;">
<span style="font-size: x-small;">(via <a href="http://imgur.com/gallery/TkovI">imgur</a>)</span></div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
<span style="font-size: small;">Uh oh, better break out the lawyers.</span></div>
<div style="text-align: left;">
<span style="font-size: small;"><br />
</span></div>
<div style="text-align: left;">
<span style="font-size: small;">P.S. I swear this won't turn into a 24/7 Apple Hate blog. But for the time being, I've decided to stop holding back at all. The fact that we can now patent rounded corners and make the other guy pay <a href="http://arstechnica.com/tech-policy/2012/08/jury-returns-verdict-in-apple-v-samsung/">$1 billion</a> for it</span> means all the stops have been pulled out and we're now in free-fall toward patent law insanity. And Apple has (unexpectedly) decided to become the poster child of all of it.</div>
Nick Shttp://www.blogger.com/profile/14422991609469620155noreply@blogger.com0tag:blogger.com,1999:blog-1931390715180609163.post-32661882017373357722012-08-31T21:51:00.001-04:002012-08-31T21:52:41.417-04:00Facebook<div class="separator" style="clear: both; text-align: center;"><a href="http://arstechnica.com/business/2012/08/facebook-stock-drops-to-all-time-low/"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjG70qe0wnGE2oYsiMdOpcq_zXtJ9WqwCW7yYwrYPPoHAOiUpqd4lbTnrzFQhDPjgmUDh293YhH0lvxtuqKbw8KgfLCVb45Y5mufHYgu01usQubvthKt9oidIixWYMbBT76JyhfeDq68QE/s1600/Facebook+stock+-+Ars.PNG" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEid00ungvJzu28NCDKtIJ22ycEBNJEOzBhCgNrUbGxfCjYAmPLNrsWyAB_eWhohBK5pJpNifYhLn56kP4sOedtSYBb3XCwdM0QA3On06VwCfG5PaU0Irycf5wNcgX-EBKWogUPYxWzVUww/s1600/popcorn.gif+-+Michael+Jackson+(eagerly+watching+movie,+eating+popcorn,+watch+the+drama).gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEid00ungvJzu28NCDKtIJ22ycEBNJEOzBhCgNrUbGxfCjYAmPLNrsWyAB_eWhohBK5pJpNifYhLn56kP4sOedtSYBb3XCwdM0QA3On06VwCfG5PaU0Irycf5wNcgX-EBKWogUPYxWzVUww/s1600/popcorn.gif+-+Michael+Jackson+(eagerly+watching+movie,+eating+popcorn,+watch+the+drama).gif" /></a></div><br />
<span style="font-size: x-small;">(source: <a href="http://arstechnica.com/business/2012/08/facebook-stock-drops-to-all-time-low/">Ars Technica</a>)</span>Nickhttp://www.blogger.com/profile/08714198119382184216noreply@blogger.com0